Revert "Reapply "Roll protobuf to 29.3""

This reverts commit b9b854bf906c3093a056b75631a19cacd8240708.

Reason for revert: broke win-presubmit and linux-presubmit "Too large files found in commit"; see https://ci.chromium.org/ui/p/chromium/builders/ci/linux-presubmit/24487/overview

Original change's description:
> Reapply "Roll protobuf to 29.3"
>
> This reverts commit 7f3d30b9cf97c8a5bc1db73bf6d94e24b8bc9cfd
> with fixes for:
> * Chromecast
> * CFI
> * siso
> * a couple other issues fixed separately from this CL
>
> ===========================
> Original issue description:
> ===========================
>
> Roll protobuf to 29.3
>
> * Roll protobuf and write new build targets by hand since the existing
>   script no longer works (gen_chromium_file_lists.py)
>
>   + Tweaks to upstream listed in README.chromium
>
> * Roll protobuf-javascript to newest version since the existing
>   version is incompatible with newer protobuf (and the newest version
>   of protobuf-javascript is incompatible with older protobuf, so this
>   can't be done separately)
>
> * Roll libprotobuf-mutator to newest version, reasoning: ditto
>
> * Update some Chromium code (other, preparatory updates were possible
>   prior to the roll as they were compatible with either version of
>   protobuf)
>
> * GRPC is *not* rolled but has some minor hacks added to avoid
>   referencing non-existent files and symbols. These hacks wouldn't
>   stand up to linking, but the relevant code is not actually used.
>   GRPC is not rolled because there are seemingly substantial changes
>   needed to both its build and its code, some of which are not
>   related to protobuf, but the fact that GRPC is months to years out
>   of date (depending on what commit we attempt to roll it to). For
>   example: use of GCC extensions.
>
> * Protobuf uses absl for logging now and therefore its `LogSilencer`
>   is removed. Lots of fuzzers are using `LogSilencer`, but it's not
>   clear how crucial that is. `LogSilencer` usage is simply removed
>   for now.
>
> NO_IFTTT=upstream code
>
> Cq-Include-Trybots: luci.chromium.try:linux-cast-x64-rel
> No-Presubmit: true
> Bug: 328417294
> Change-Id: Ie27ad5e64ebe6edadebcf40fa869dd7b83cb97fb
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6228766
> Owners-Override: Nico Weber <[email protected]>
> Reviewed-by: Nico Weber <[email protected]>
> Commit-Queue: Evan Stade <[email protected]>
> Cr-Commit-Position: refs/heads/main@{#1416848}

Bug: 328417294
Change-Id: Ie73624e635a90d8a28abaff88bbf3404504ebfbd
Cq-Include-Trybots: luci.chromium.try:linux-cast-x64-rel
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6242714
Commit-Queue: Rubber Stamper <[email protected]>
Auto-Submit: Greg Thompson <[email protected]>
Owners-Override: Greg Thompson <[email protected]>
Bot-Commit: Rubber Stamper <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1417184}
NOKEYCHECK=True
GitOrigin-RevId: d17f26460a815a7c966efa404beae7d694391793
5 files changed
tree: dcc1b67427633318c0b2d5cd4e93e708cc730c7b
  1. fuzzer_support_ios/
  2. fuzzers/
  3. fuzzilli/
  4. proto/
  5. renderer_fuzzing/
  6. research/
  7. tests/
  8. AFL_integration.md
  9. archive_corpus.py
  10. BUILD.gn
  11. confirm_fuzztest_init.cc
  12. confirm_fuzztests.py
  13. dictionary_generator.py
  14. efficient_fuzzing.md
  15. fuzzer_test.gni
  16. fuzzing_browsertests.md
  17. fuzztest_init_helper.cc
  18. fuzztest_init_helper.h
  19. fuzztest_wrapper.cpp
  20. gen_fuzzer_config.py
  21. gen_fuzzer_owners.py
  22. getting_started.md
  23. getting_started_with_libfuzzer.md
  24. libfuzzer_exports.h
  25. libFuzzer_integration.md
  26. libprotobuf-mutator.md
  27. OWNERS
  28. README.md
  29. reference.md
  30. reproducing.md
  31. unittest_main.cc
  32. zip_sources.py
README.md

Fuzz testing in Chromium

go/chrome-fuzzing

Fuzzing is a testing technique that feeds auto-generated inputs to a piece of target code in an attempt to crash the code. It's one of the most effective methods we have for finding security and stability issues (see go/fuzzing-success). You can learn more about the benefits of fuzzing at go/why-fuzz.

This documentation covers the in-process guided fuzzing approach employed by different fuzzing engines, such as libFuzzer or AFL. To learn more about out-of-process fuzzers, please refer to the Blackbox fuzzing page in the ClusterFuzz documentation.

Getting Started

In Chromium, you can easily create and submit fuzz targets. The targets are automatically discovered by buildbots, built with different fuzzing engines, then uploaded to the distributed ClusterFuzz fuzzing system to run at scale.

You should fuzz any code which absorbs inputs from untrusted sources, such as the web. If the code parses, decodes, or otherwise manipulates that input, it's an especially good idea to fuzz it.

Create your first fuzz target and submit it by stepping through our Getting Started Guide.
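
A small in-process fuzz target for a parser of untrusted bytes, as an added example that is not part of the Chromium README or tree. The record format, `ParseRecords` and the `ENGINE_PROVIDES_MAIN` macro are assumptions made for illustration; `LLVMFuzzerTestOneInput` is the entry point libFuzzer calls.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical wire format (an assumption for this example): repeated records
// of [1-byte tag][1-byte length][length bytes of value].
struct Record {
  uint8_t tag;
  std::vector<uint8_t> value;
};

// Parses untrusted bytes; returns false on malformed input rather than
// reading past the end of the buffer.
bool ParseRecords(const uint8_t* data, size_t size, std::vector<Record>* out) {
  size_t pos = 0;
  while (pos < size) {
    if (size - pos < 2) return false;  // truncated header
    const uint8_t tag = data[pos];
    const size_t len = data[pos + 1];
    pos += 2;
    if (len > size - pos) return false;  // declared length exceeds input
    out->push_back(Record{tag, std::vector<uint8_t>(data + pos, data + pos + len)});
    pos += len;
  }
  return true;
}

// libFuzzer entry point: called once per generated input. It must accept any
// byte string, including empty input, and should not keep state between calls.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::vector<Record> records;
  ParseRecords(data, size, &records);
  return 0;
}

// Replay harness for running without a fuzzing engine. ENGINE_PROVIDES_MAIN is
// a hypothetical macro: define it when the engine supplies its own main().
#ifndef ENGINE_PROVIDES_MAIN
int main() {
  const uint8_t ok[] = {0x01, 0x02, 0xAA, 0xBB};  // constructed: one record
  const uint8_t bad[] = {0x01, 0x05, 0xAA};       // constructed: length lies
  std::vector<Record> a, b;
  std::printf("ok=%d bad=%d\n", ParseRecords(ok, sizeof(ok), &a),
              ParseRecords(bad, sizeof(bad), &b));
  return LLVMFuzzerTestOneInput(bad, sizeof(bad));
}
#endif
```

The two early returns in `ParseRecords` are the checks a guided fuzzer exercises: without the length check, an input whose declared length exceeds the remaining bytes would be read out of bounds and reported by a sanitizer build.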

Advanced Topics

Further Reading

Trophies

Other Links